Define a Tunnel Monitoring Profile
Focus
Focus
Network Security

Define a Tunnel Monitoring Profile

Table of Contents

Define a Tunnel Monitoring Profile

Where Can I Use This?
What Do I Need?
  • PAN-OS
No license required
A tunnel monitoring profile allows you to verify connectivity between the VPN peers; you can configure the tunnel interface to ping a destination IP address at a specified interval and specify the action if the communication across the tunnel is broken.
  1. Select
    Network
    Network Profiles
    Monitor
    . A default tunnel monitoring profile is available for use.
  2. Click
    Add
    , and enter a
    Name
    for the profile.
  3. Select the
    Action
    to take if the destination IP address is unreachable.
    • Wait Recover
      —the firewall waits for the tunnel to recover. It continues to use the tunnel interface in routing decisions as if the tunnel were still active.
    • Fail Over
      —forces traffic to a back-up path if one is available. The firewall disables the tunnel interface, and thereby disables any routes in the routing table that use the interface.
    In either case, the firewall attempts to accelerate the recovery by negotiating new IPSec keys.
  4. Specify the
    Interval (sec)
    and
    Threshold
    to trigger the specified action.
    • Threshold
      specifies the number of heartbeats to wait before taking the specified action (range is 2-100; default is 5).
    • Interval (sec)
      specifies the time (in seconds) between heartbeats (range is 2-10; default is 3).
  5. Attach the monitoring profile to the IPSec Tunnel configuration. See Enable Tunnel Monitoring.

Recommended For You